This is actually a pretty cool feature, I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does:
"The Border Gateway Protocol (BGP) conditional advertisement feature provides additional control of route advertisement, depending on the existence of other prefixes in the BGP table."
I am assuming, for those who want to read this post, that you have some understanding of BGP and its use of prefix-lists and route maps, otherwise this post might be hard to understand. Mind you, conditional advertisement is part of the CCIE R&S exam.
So let me go straight to the scenario:
So the routers under my admin domain are BEN and IBM. My primary router is BEN and my public IP range I am advertising is 22.214.171.124/24.
My two ISPs are Telstra and Next.
BEN has an eBGP neighbour with Telstra,
IBM has an eBGP peer with Next.
Then BEN and IBM form an iBGP neighbourship.
Nothing new so far. Now I have found that advertising the same public IP address (prefix) towards 2 different providers, even with AS path prepend to try and make one ISP more preferable over the other, is highly unpredictable. This is because some providers prefer other providers no matter how often you AS prepend the crap out of your public prefix. This can cause asymmetric routing where your exit path is through the primary ISP and your entry path is through the secondary router. So I was looking for another solution: only advertise my public IP addresses to the backup provider (Next in my case) in the event the primary fails. Or even better: fail over when the primary ISP stops advertising a default route into my organisation through the primary router.
In order to put all this in place, most, if not all, configuration is done on the secondary router, IBM, so let's dive in.
As you can see below, the secondary internet router (IBM) has 2 default routes in its BGP table:
IBM#sh ip bgp topology *
For address family: IPv4 Unicast
BGP table version is 26, local router ID is 126.96.36.199
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 0.0.0.0 188.8.131.52 0 200 0 3000 i
* 184.108.40.206 100 0 4000 i
The most preferred one comes from the BEN router, which in turn is being advertised by the Telstra router (220.127.116.11). Initially I was going to use IP SLA tracking on the IBM router to advertise 18.104.22.168/24 if BEN lost the connection to Telstra, but this is not as foolproof as checking whether the default route is still being advertised by BEN: if my primary internet router no longer sends a default route 0.0.0.0 to my secondary internet router, then either my primary router is down, the link to Telstra is down, or Telstra is for some other reason no longer advertising a default route.
OK, so on IBM I set up a conditional advertisement to my Next BGP peer.
What this means is that route map ADVERTISE is applied when the condition in route map NON-EXIST no longer holds, i.e. when no prefix matching NON-EXIST exists in the BGP table.
route-map ADVERTISE permit 10
match ip address 60
route-map NON-EXIST permit 10
match ip address prefix-list TEST
match community 1
So the ADVERTISE route map is the easy part; it constitutes our public IP prefix 22.214.171.124/24:
access-list 60 permit 126.96.36.199 0.0.0.255
The NON-EXIST route map is the condition that needs checking, and has in fact two conditions in it: it checks that the prefix carries a certain community, and it checks that the actual prefix is present in the BGP table:
ip prefix-list TEST seq 5 permit 0.0.0.0/0
The reason there are two conditions is that (refer to the sh ip bgp topology * output above) there are two 0.0.0.0 prefixes in the table, one from each provider. Now I am only interested in checking one of them, namely the one that comes from BEN (188.8.131.52). I thought it would be easiest to add a check for a certain community (although AS path would have worked as well):
ip community-list 1 permit 362000
So basically this second condition checks whether the route has 362000 as its community.
You can check the route to see if the community attribute is set and has the correct value. See below:
IBM#sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 25
Paths: (3 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
3000, (received & used)
184.108.40.206 from 220.127.116.11 (18.104.22.168)
Origin IGP, metric 0, localpref 200, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 1
So at this stage both conditions should be met: a) a default route in the BGP table and b) a route with community attribute 362000. So our public prefix 22.214.171.124/24 should NOT be advertised out of IBM to Next. To verify:
IBM#sh ip bgp nei 126.96.36.199
BGP neighbor is 188.8.131.52, remote AS 4000, external link
As you can see, the conditional advertisement states "withdraw", which means the condition to start advertising is not met, i.e. we have a valid default route coming from BEN. So let me break something to trigger the condition to change. For this I will shut the connection between Telstra and BEN. (Remember BEN does not originate 0.0.0.0; it receives it from Telstra, and as soon as that link breaks it should no longer receive a default route either.)
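To make the two-clause condition concrete, here is a small Python model of how the NON-EXIST map gates the ADVERTISE map. This is an added example, not IOS code and not part of the original post: it assumes a route-map entry matches only when all of its match clauses hold for the same path, treats community 362000 as a plain integer, assumes the default from Next carries no such community, and uses the status strings "Withdraw" and "Advertise" as IOS reports them for the condition. The BGP table entries are constructed to mirror the scenario above.

```python
"""Toy model (not IOS code) of a non-exist-map gating an advertise-map.

Constructed BGP table entries mirror the post's scenario: two default routes
on IBM, one learned over iBGP from BEN (tagged with community 362000) and one
from the Next eBGP peer.  The public prefix is advertised to Next only while
NO path in the table matches every clause of the NON-EXIST route map.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class BgpPath:
    prefix: str                     # network in CIDR form, e.g. "0.0.0.0/0"
    next_hop: str
    communities: frozenset = field(default_factory=frozenset)  # numeric communities


# NON-EXIST route map, as on the page:
#   match ip address prefix-list TEST   -> ip prefix-list TEST seq 5 permit 0.0.0.0/0
#   match community 1                   -> ip community-list 1 permit 362000
PREFIX_LIST_TEST = (ipaddress.ip_network("0.0.0.0/0"),)
COMMUNITY_LIST_1 = frozenset({362000})

# Prefix matched by route-map ADVERTISE (access-list 60); value taken from the post.
PUBLIC_PREFIX = "22.214.171.124/24"


def matches_prefix_list(prefix: str, prefix_list) -> bool:
    """A prefix-list entry without ge/le matches only the exact prefix and length."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net == entry for entry in prefix_list)


def matches_community_list(path: BgpPath, community_list) -> bool:
    """A standard community-list permit entry matches if the path carries that community."""
    return bool(path.communities & community_list)


def non_exist_map_matches(table) -> bool:
    """Both match clauses must be true for the SAME path (route-map clauses are ANDed)."""
    return any(matches_prefix_list(p.prefix, PREFIX_LIST_TEST)
               and matches_community_list(p, COMMUNITY_LIST_1)
               for p in table)


def conditional_status(table) -> str:
    """Status of the condition, in the words IOS uses under 'show ip bgp neighbor'."""
    return "Withdraw" if non_exist_map_matches(table) else "Advertise"


def prefixes_sent_to_next(table) -> list:
    """What IBM sends to Next: the public prefix only once the condition map stops matching."""
    return [PUBLIC_PREFIX] if conditional_status(table) == "Advertise" else []


# Constructed table while the BEN -> Telstra link is up (mirrors the sh ip bgp output).
BEN_DEFAULT = BgpPath("0.0.0.0/0", "188.8.131.52", frozenset({362000}))
NEXT_DEFAULT = BgpPath("0.0.0.0/0", "184.108.40.206")   # no 362000 community (assumed)
TABLE_PRIMARY_UP = (BEN_DEFAULT, NEXT_DEFAULT)

# Same table after the Telstra link is shut: BEN withdraws its default route.
TABLE_PRIMARY_DOWN = (NEXT_DEFAULT,)

if __name__ == "__main__":
    for name, table in (("primary up", TABLE_PRIMARY_UP),
                        ("primary down", TABLE_PRIMARY_DOWN)):
        print(f"{name:13s} status={conditional_status(table):9s} "
              f"sent to Next={prefixes_sent_to_next(table)}")
```

Running it shows "Withdraw" while BEN's default is present and "Advertise" once it is gone; the default learned from Next never satisfies the condition on its own because it lacks the community, which is exactly why the second match clause is needed. Two things worth keeping in mind when checking this on a real box: IOS evaluates the condition on the periodic BGP scanner cycle rather than instantly on every table change, so the status under sh ip bgp neighbor can lag the withdrawal by up to a minute, and the match is against the BGP table (all paths), not only the best path, so a default route that has lost the best-path election but is still installed in the table keeps the prefix withdrawn.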